JPEG Processing (GDI+) Security Update

Discussion in 'Security and Privacy' started by Christer, 2004/09/23.

Thread Status:
Not open for further replies.
  1. 2004/09/23
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Hello all!

    I am having difficulties getting a clear picture of the "JPEG Processing (GDI+) Security Update".

    I get notification of it in Windows Update but when I read How to Update Your Computer with the JPEG Processing (GDI+) Security Update it says that XP-SP2 isn't affected.

    I proceed with skipping Step 1 since I've already been there and have hidden said update continuing by taking the actions in Step 2 by updating Office XP.

    Steps 3 and 4 are skipped.

    Today, I found, downloaded and ran GDI Scan with the result below:

    There is one vulnerable file in an uninstall folder which can be disregarded.

    There is one vulnerable file pertaining to Norton which Windows and/or Office updates don't handle.

    GDI-scan did, however, find one vulnerable file for Office and two vulnerable files for Windows ...... :eek: ...... which in my opinion it shouldn't.

    Does anyone know what is going on?

    Thanks for Your time,
    Christer
     
  2. 2004/09/23
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Nice find on that checker utility and thanks.

    Based on info at the site
    "Ignore files in directories like Windows\$NtUninstallKBxxxxx\ and Windows\WinSxS. These are old versions left behind for uninstall purposes"
    it looks like only the top two listed on your report are possible causes for worry though.

    MSO.DLL Version: 10.0.6626.0 is from Office XP SP-3 and that was released well before this issue was found (March/April I think) so I'm really surprised that a newer version didn't come with the 028 patch. Did you get the one shown on This Page for Microsoft Office XP Service Pack 3?
     
    Newt,
    #2

  4. 2004/09/24
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Newt,

    I obviously missed the second part of the first sentence ...... :eek: ...... thanks for pointing it out!

    Yes, I have downloaded and installed KB832332. I actually downloaded both the client version and the full file version. I used the latter but they shouldn't differ ...... :confused: ...... or maybe they do.

    Both Windows Update and Office Update say that my system is fully updated.

    Is it possible that
    "C:\Program\Delade filer\Microsoft Shared\Office10\MSO.DLL
    Version: 10.0.6626.0 <-- Vulnerable version"
    is a false positive from GDI-scan?

    Christer
     
  5. 2004/09/24
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    I rolled back using Ghost to a state prior to installing the latest two updates for Office XP (KB832332 and KB873379) and as You can see, there is no difference in the GDI-scan results:

    Can we rely on GDI-scan or does it produce false positives?

    What did KB832332 actually fix?

    Christer
     
  6. 2004/09/24
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Well, it seems like GDI-scan can be relied upon ...... :rolleyes: ...... but not Microsoft. The previous time I installed KB832332, I used the full file version but this time I used the client version and that fixed the Office entry in the GDI-scan:

    I actually thought that installing the full file version was strange. Never before has a file been extracted to a folder chosen by me and that file had to be clicked to carry out the installation. The file name was/is SHAREDff.msp

    Christer
     
    Last edited: 2004/09/24
  7. 2004/09/24
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Hmmmm. Anyway, good to know the latest version is not seen as vulnerable and good thing you ran the scan.
     
    Newt,
    #6
  8. 2004/09/25
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Yup, sometimes it pays off being curious!

    The fact that Microsoft has published one downloadable file that is faulty worries me. Do You have a channel to notify them or ask them about it?

    Christer
     
  9. 2004/09/25
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    The MVPs are giving them a LOT of flak about this USELESS piece of software… Now if they listen, that's another thing :(
     
    Arie,
    #8
  10. 2004/09/25
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Arie,
    are You referring to the Microsoft GDI+ Detection Tool only or the version officexp-kb832332-fullfile-***.exe of the Office Update as well?

    At least the Swedish version (***=sve) seems to install components that are still vulnerable.

    The version officexp-kb832332-client-***.exe does actually fix the vulnerability. (Again, ***=sve, I don't know anything about other language versions.)

    Christer
     
  11. 2004/09/27
    Rockit

    Rockit Inactive

    Joined:
    2003/03/23
    Messages:
    464
    Likes Received:
    0
    Christer,
    I ran the scan from the gdiscan.exe and here's what I got.

    Scanning Drive C:...
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
    Version: 10.0.6626.0 <-- Possibly vulnerable (Under OfficeXP only)
    C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
    Version: 6.0.2900.2180
    C:\WINDOWS\system32\sxs.dll
    Version: 5.1.2600.2180
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
    Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
    Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
    Version: 5.1.3102.2180
    Scan Complete.

    So I downloaded and tried to install officexp-kb832332-client-enu.exe.
    I get the error that this update has already been installed?

    Any suggestions on how to update the MSO.dll?

    Thanks
    Rockit
     
  12. 2004/09/28
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Rockit,
    a prerequisite for installing that hotfix is that Office XP SP3 is installed but I assume that You have it.

    I haven't found any possibility to uninstall and neither have I found any reference to it in the registry so, how the installer keeps track of it ...... :confused: ...... I don't know.

    Since You're using a different language, try the fullfile version ...... :eek: ...... which didn't work in Swedish but might work in English.

    Other than that, I'm out of ideas ...... :rolleyes: ...... but am still thinking.

    Christer
     
  13. 2004/09/28
    Rockit

    Rockit Inactive

    Joined:
    2003/03/23
    Messages:
    464
    Likes Received:
    0
    Well I downloaded officexp-kb832332-fullfile-enu.exe and it seemed to apply but when I run the gdiscan.exe

    Scanning Drive C:...
    C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
    Version: 10.0.6626.0 <-- Possibly vulnerable (Under OfficeXP only)
    C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
    Version: 6.0.2900.2180
    C:\WINDOWS\system32\sxs.dll
    Version: 5.1.2600.2180
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
    Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
    Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
    Version: 5.1.3102.2180
    Scan Complete.


    So as you can see that didn't update the MSO.dll file.
    I'll keep at it and let ya know if I come up with anything.

    Thanks Again
    Rockit
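
An added example, not part of any post in this thread and not GDI Scan's own code: it parses the scan output format shown above, separates flagged files from the WinSxS and uninstall-folder copies that the scanner's site says to ignore, and compares two scans to see whether an update actually replaced a flagged file. The function names are hypothetical; the sample report reuses lines from the output posted above.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    path: str
    version: str
    flagged: bool   # scanner appended a "<-- ... vulnerable" marker
    leftover: bool  # copy under WinSxS or an $NtUninstall folder

# Folders the scanner's site describes as old versions kept for uninstall.
LEFTOVER = re.compile(r"\\(winsxs|\$ntuninstall[^\\]*)\\", re.I)
VERSION = re.compile(r"^Version:\s*([\d.]+)\s*(<--.*vulnerable.*)?$", re.I)

def parse_report(text):
    """Pair each path line with the 'Version:' line that follows it."""
    findings, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = VERSION.match(line)
        if m and path:
            findings.append(Finding(path, m.group(1), bool(m.group(2)), bool(LEFTOVER.search(path))))
            path = None
        elif re.match(r"[A-Za-z]:\\", line):
            path = line
    return findings

def actionable(findings):
    """Flagged files that are not leftover copies."""
    return [f for f in findings if f.flagged and not f.leftover]

def still_flagged(before, after):
    """Paths flagged at the same version in both scans: the update did not replace them."""
    old = {f.path.lower(): f.version for f in before if f.flagged}
    return [f.path for f in after if f.flagged and old.get(f.path.lower()) == f.version]

# Sample input: lines from the scan output posted above, cut down to three files.
REPORT = r"""Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
Version: 10.0.6626.0 <-- Possibly vulnerable (Under OfficeXP only)
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
Scan Complete.
"""

if __name__ == "__main__":
    scan = parse_report(REPORT)
    print("needs attention:", [(f.path, f.version) for f in actionable(scan)])
    print("unchanged by update:", still_flagged(scan, scan))
```

Feeding the scan taken before an update as `before` and the one taken afterwards as `after` lists every file the update left at its flagged version.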
     
  14. 2004/09/30
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Today, I reinstalled my system from square one. I used a Windows XP-pro-RTM CD with SP2 slipstreamed and a Office XP-pro CD with SP3 slipstreamed. I also installed the client versions of KB833858, KB832332 and KB873379.

    I lost my GDI-scan file so, I had to download it again. It was possibly not the same version (?) as the previous one because the result was different:

    Rockit, You're not alone out there ...... :p ...... and I am beginning to doubt GDI-scan. The same KB832332 couldn't possibly stick different files in there on two consecutive occasions!

    Christer
     
  15. 2004/10/06
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Bumping this thread in anticipation of renewed interest. This issue craves an explanation.

    Regarding the MSO.DLL, am I safe since Office Update says that my computer doesn't need updating or am I in trouble since GDI-scan is correct?

    Regarding the GDIplus.dll, well, I actually don't expect anything from Symantec right now ...... :mad: ...... am still waiting for the forthcoming update to the WMI, which is looong overdue.

    Christer
     
  16. 2004/10/06
    Rockit

    Rockit Inactive

    Joined:
    2003/03/23
    Messages:
    464
    Likes Received:
    0
    Christer,
    Are you sure this file GDIplus.dll is from Symantec? If so can I delete all references to it since I no longer have any of their products on my computer?

    Thanks
    Rockit
     
  17. 2004/10/06
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    Speaking from ignorance. And maybe I am showing I have not read all the preceding posts again.
    Christer--Yes, there is a new GDIPlus scan file from sans.org. I have no idea what the difference is. Looks the same to me and gives the same results.
    Rockit--I have seen nothing about the MSO.dll file specific to fixing or replacing it if it is vulnerable. And just downloading the new gdiplus.dll file is not going to accomplish anything. You have to replace existing vulnerable copies with it. In Microsoft applications this seems pretty safe. MS, however, hedges its bets on whether you can do so with third party programs. I had three third party "vulnerable" gdiplus.dll files. I emailed the three companies. So far, one says to use the new MS file. Another says it "probably" is OK, but they have not tested it. No answer from the third. Symantec was not one of the companies I contacted. But if you no longer have NSW on your PC, then there would seem to be nothing to do. But Christer must still resolve the matter since he has NSW.
     
  18. 2004/10/07
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Rockit,
    in my GDI-scan report, the path is "C:\Program\Norton SystemWorks\Web Cleanup\GDIPlus.dll"

    Does GDI-scan give the same path for Your system?

    If You don't have NSW installed, then You shouldn't have that file in the first place. You say "I no longer have any of their products". Does that mean that You had NSW but uninstalled? Then it seems like a left-over which can be deleted.

    I personally would not simply delete it. I would do a thorough registry cleanup for anything Symantec and Norton. Next I would search the registry for "GDIPlus.dll" to find out if any other application uses it. If I found no reference to it, then I would delete it.

    Christer
     
  19. 2004/10/07
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Jim,

    If You take a look at my scan results, then there is a new color and the verdict has been changed from "Vulnerable" to "Possibly vulnerable" in the last scan result. That was done using the second downloaded scan-file. The fact that some entries are gone, is due to me doing a clean installation of XP-SP2 in between.

    My main concern with Microsoft and the MSO.DLL is:

    When I used my downloaded copy of "officexp-kb832332-client-sve.exe" to install it on my previous "XP-SP1 with SP2 on top" installation, I ended up with a non-vulnerable MSO.DLL version, 10.0.6714.0

    When I used the same downloaded copy of "officexp-kb832332-client-sve.exe" to install it on my fresh clean installation of XP-SP2, I ended up with a possibly vulnerable MSO.DLL version, 10.0.6626.0
    This is the same version as prior to installing kb832332 and the update fixed nothing.

    Office Update is pleased and says that my installation is up-to-date ...... :confused: ...... !

    I haven't researched the Norton file yet but with my experience of Symantec ...... :mad: ...... it will most likely be a dead end.

    Thanks for Your interest, guys,
    Christer

    Edited:

    The "XP-SP1 with SP2 on top" installation was fully updated and included Office XP + SP1 + SP2 + SP3 in sequence.

    The fresh clean installation of XP-SP2 slipstreamed included Office XP-SP3 slipstreamed.
     
    Last edited: 2004/10/07
  20. 2004/10/07
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    According to Description of the Office XP security update: September 14, 2004

    The random behaviour that I have experienced is a serious malfunction of an update!

    I hope that someone with channels into Microsoft will use them to find out what is going on.

    Christer
     
  21. 2004/10/07
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    I went Google on these two problems and I found several discussions on the subjects.

    1)

    KB832332 - to fix the MSO.DLL issue, seems to be a "needle and haystack" case. The downloaded file that I used on both occasions is the one for Office XP with SP3.
    On the first occasion, KB832332 was installed on a system with Office XP + SP1 + SP2 + SP3 installed in sequence - it worked.
    On the second occasion, KB832332 was installed on a system with Office XP + SP3 slipstreamed - it didn't work.

    It seems like Microsoft haven't covered all bases with this update.

    2)

    I found discussions on the "C:\Program\Norton SystemWorks\Web Cleanup\GDIPlus.dll" issue and my assumption that Symantec didn't bother with the 2003 version was correct. They even neglect the 2004 version and prompt people to upgrade to 2005.

    One discussion directed me to Platform SDK Redistributable: GDI+ and indicated that it was simply the matter of substituting this GDIPlus.dll for the existing one. "Web Cleanup seemed to work OK afterwards."

    I downloaded and extracted that GDIPlus.dll. The README said to not substitute for the original on XP since file protection wouldn't allow it.

    I compared the file properties with the properties of the non-vulnerable file that already was in "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll" and that version (5.1.3102.2180) was more recent.

    I sent the file, downloaded from the URL above, to the Recycle Bin.

    I renamed "C:\Program\Norton SystemWorks\Web Cleanup\GDIPlus.dll" > GDIPlus.org and copied to that location, GDIPlus.dll from "C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll".

    I have never before used Web Cleanup but it worked like a charm and the GDI-scan returned:

    Since files in "C:\WINDOWS\WinSxS\" can be disregarded ...... :confused: ...... really ...... :confused: ...... then there is one to go!

    Christer
     